ABSTRACT

A method for processing packets in a router includes specifying operations on packets as chains of processing elements. Each chain is uniquely associated with one interface/protocol pair, and each processing element performs at least one function on a packet. An incoming packet is received, and processed, first by a demultiplexer element which determines the protocol of the next higher level used by the packet. Then, the packet is processed by the elements of a decapsulation chain associated with the interface on which the packet was received, and by the elements of an encapsulation chain associated with the interface on which the packet is to be transmitted. The demultiplexor element or operation passes the packet on to a decapsulation chain associated with the protocol and with the incoming interface, depending on protocol information contained in the incoming packet. Decapsulation and encapsulation chains can be built dynamically, by inserting new and removing old elements as necessary as new protocols are developed and new features added. A chain walker walks through the chains, passing the processed packet to each element in a chain, until either the end of the chain is reached and processing is complete, or until the packet is dropped because no function can process it, or because a packet is processed by an outside process or by hardware, which may optionally stop the chain walk. A chain walk may be temporarily halted, or may be terminated. If temporarily halted, the chain walk can be resumed at any element in the chain, depending on the packet's requirements. A chain walk can also begin at any element in a chain.

32 Claims, 10 Drawing Sheets 
PACKET PROCESSING USING ENCAPSULATION AND DECAPSULATION CHAINS

RELATED APPLICATIONS

This application discloses subject matter that is related to subject matter disclosed in the following applications, assigned to Cisco Systems, Inc., the assignee of the present invention, and are incorporated herein by reference:

Kenneth Moberg and Manoj Leelanivas, PACKET PROCESSING USING NON-SEQUENTIAL ENCAPSULATION AND DECAPSULATION CHAINS, filed on the even day herewith, Ser. No. 09/418,781.

Kenneth Moberg, Kristen Marie Robins, and William May, DISTRIBUTED PACKET PROCESSING USING ENCAPSULATION AND DECAPSULATION, filed on the even day herewith, Ser. No. 09/418,723.

BACKGROUND OF THE INVENTION

A network is a communication system that allows a user on a computer to access resources and exchange messages with users on other computers. A network is typically a data communication system that links two or more computers and peripheral devices. It allows users to share resources on their own systems with other network users and to access information on centrally located systems or on systems that are located at remote offices. It may provide connections to the Internet or to the networks of other organizations.

A network typically includes a cable that attaches to a network interface card (NIC) in each of the devices within the network.

Users interact with network-enabled software applications to make a network request, such as to get a file or print on a network printer. An application may also communicate with the network software, and the network software may then interact with the network hardware to transmit information to other devices attached to the network.

A local area network (LAN) is a network located in a relatively small area, such as a department or building. A LAN typically includes a shared medium to which workstations attach and through which they communicate with one another by using broadcast methods. With broadcasting, any device on a LAN can transmit a message that all other devices on the LAN can listen to. The device to which the message is addressed actually processes the message. Data is typically packaged into frames for transmission on the LAN.

FIG. 1 is a block diagram illustrating a network connection between a user 2 and a particular web server 6. This figure is an example, which may be consistent with any type of network, including a LAN, a wide area network (WAN), or a combination of networks, such as the Internet.

When a user 2 connects to a particular destination, such as a requested web server 6, the connection from the user 2 to the web server 6 is typically routed through several [illegible]. Routers are internetworking devices, typically [illegible] homogeneous network [illegible] internetworks. For example two LANs may [illegible] network (ISDN), or a leased line via routers.

Routers are also found throughout the Internet. End users may connect to local Internet Service providers (ISPs), which are typically connected via routers to regional ISPs, which are in turn typically connected via routers to national ISPs.

To move packets from one network to another, packet processing software is required on each router. Generally, packets received from a network are processed and forwarded to another network, based on information contained in layers 2 and 3 of the ISO 7-layer model.

Layer 2 (L2) of the ISO model is commonly referred to as the data-link layer. Ethernet, HDLC and PPP are examples of commonly used L2 protocols. Ethernet is commonly used in LANs, while HDLC and PPP are commonly used in WANs.

Layer 3 (L3) is commonly referred to as the network layer. Internet Protocol (IP) is the most commonly used L3 protocol. ARP, SAP and SNAP are IP-related protocols that, although not strictly layer 2, are considered to be layer 2 protocols for purposes herein.

Layer 4 (L4) is commonly referred to as the transport layer. TCP is the most commonly used L4 protocol.

Router software designers use the term encapsulation to refer to the layering of protocols. A packet containing TCP [illegible] have an encapsulation of [illegible] TCP, IP and [illegible] encapsulation of TCP over IP over [illegible]

The proliferation of features and protocols has greatly complicated the software involved in processing packets. Because of this, the software responsible for each layer must [illegible] packet to determine what the next step is in the handling of the packet.

For example, when a packet is received on an ethernet interface, the ethernet protocol handling software must examine the header, and based on values in the header, determine what to do with the packet. Data contained within a packet, for example, a [illegible] header, [illegible] about the [illegible] packet.

A traditional ethernet processing algorithm for this might be:

    If type=IP and IP is configured for this interface
        Pass packet to IP code
    If type=ARP and ARP is configured for this interface
        Pass packet to ARP code
    If type=RARP and RARP is configured for this interface
        Pass packet to RARP code
    If type=IPV6 and IPV6 is configured for this interface
        Pass packet to IPV6 code

Each time a new protocol is added, the ethernet code must be modified to handle the new protocol. This may be necessary for each layer every time new features or protocols are added. Router software has grown to the point where maintenance has become very difficult. Each change can cause wide variations in performance. A new method is [illegible] features and protocols [illegible] affecting the stability of existing [illegible]

SUMMARY OF THE INVENTION

The present invention solves the above problems by logically separating the various packet operations into chain elements. These elements are then dynamically chained together as needed, at [illegible] to form encapsulation and decapsulation chains.

The chains can also be dynamically rebuilt upon a change of configuration. Such changes typically come from a customer command line interface, however, in some cases there may be features that are configured after a protocol negotiation.
With the employment of chains, developers of new features do not need to change existing code to introduce the new features. Instead, new chain elements can be developed and inserted into existing chains as necessary.

As a result of the improved modularity, performance is improved for complex operations.

Accordingly, a method for processing packets in a router includes specifying packet processing function elements and linking them together to form chains. Each chain is associated with a unique interface/protocol pair. As used herein, a protocol may be a router-level protocol, such as IP, or it may be a bridge-level protocol. Furthermore, the term protocol is [illegible] encompass the concept of tunneling, where a packet which has already been encapsulated using one protocol is encapsulated in the same or a different [illegible] encountered by a packet [illegible] packet according to various protocols. An interface, then, is simply the target of a packet, and may be implemented in hardware, software, or both.

Each processing element within a chain performs at least one function on a packet. An incoming packet is received, and processed, first by a demultiplexer (demux) element which determines the protocol of the next higher level used by the packet. Then, the packet is processed by the elements of [illegible]

In one embodiment, the demultiplexer element or operation [illegible] with the protocol and with the incoming interface, depending on protocol information contained in the incoming packet. The protocol information may be contained, for example, in a type or length field in a header.

Decapsulation and encapsulation chains can be built dynamically, by inserting new and removing old elements as necessary as new protocols are developed and new features added.

In addition to decapsulation, the decapsulation chain can include functions including, but not limited to, decryption, decompression and filtering. Similarly, an encapsulation chain can include, in addition to an encapsulation operation, encryption, compression, flow control and filtering functions, as well as other functions.

A chain walker walks through the chains, passing the processed packet to each element in a chain, until either the end of the chain is reached and processing is complete, or until the packet is dropped because no function can process it, or because a packet is processed by an outside process or by hardware, which may optionally stop the chain walk.

A chain walk may be temporarily halted, or may be terminated. If temporarily halted, the chain walk can be resumed at any element in the chain, depending on the packet's requirements. A chain walk can also begin at any element in a chain.

A packet may be intended for the router, in which case processing ends after the decapsulation chain terminates. In addition, the router itself can generate packets. The destination outgoing interface is determined, and the packet is processed by executing processing elements within a [illegible] chain associated with the outgoing [illegible] is transmitted from the outgoing [illegible]

Preferably, an embodiment uses a chain walker which, upon receipt of an incoming packet in an incoming interface, executes the demux chain associated with the incoming interface, a decapsulation chain associated with the incoming interface, and an encapsulation chain associated with an identified outgoing interface. After an element is executed from chain walker, the element returns a reference to the next element in the chain. The chain walker then executes the referenced next element. On the other hand, if the element returns a null reference, the chain walker stops. In addition, a return code can notify the chain walker that the packet should be dropped.

One embodiment implements the chains and chain walker using an interface descriptor block (IDB) associated with each interface. The IDB includes a reference or pointer to a demux element associated with the associated interface, a reference to a decapsulation chain array, and a reference [illegible] array. Each encapsulation or decapsulation array holds references or pointers to chains of encapsulation or decapsulation processing elements, respectively.

BRIEF DESCRIPTION OF THE DRAWINGS

The foregoing and other objects, features and advantages of the invention will be apparent from the following more particular description of preferred embodiments of the invention, as illustrated in the accompanying drawings in [illegible]

FIG. 2 is a block diagram illustrating a simple network connecting a user on an ethernet LAN to a remote server on a different ethernet LAN, with a serial WAN using HDLC [illegible]

FIG. 3 is a schematic diagram illustrating decapsulation and encapsulation of a message as performed by a router.

FIG. 4 is a schematic diagram illustrating an embodiment of the present invention including a chain walker.

FIG. 4A is a schematic diagram illustrating an embodiment of the present invention having a virtual interface.

FIG. 4B is a schematic diagram of an embodiment of the present invention with different chains than those of the previous figures.

FIG. 4C is a schematic diagram of an alternative embodiment of the present invention illustrating a non-sequential chain.

FIG. 4D is a schematic diagram of an alternative embodiment of the present invention illustrating another non-sequential chain.

FIG. 5 is a schematic diagram of the data structures used to implement decapsulation and encapsulation chains of the present invention.

FIG. 6 is a flowchart illustrating an embodiment of the chain walker.

DETAILED DESCRIPTION OF THE INVENTION

FIG. 2 illustrates a simple network 10 to which several systems 14 are connected. In particular the network 10 connects a user 14A on one ethernet LAN 12A with a remote server 14B on a different ethernet LAN 12B, with a serial WAN 16 using HDLC to connect the two LANs 12A, 12B. Two routers 15A and 15B provide the interfaces between the two types of networks.
The ethernet LANs 12A, 12B use ethernet protocol, while the serial WAN 16 uses HDLC protocol. For a TCP packet to reach the server 14B, the routers 15A, 15B must change the encapsulation from ethernet to HDLC, then back to [illegible]

Local area network 12A uses, for example, the protocol shown in block 18A. Here, HTTP protocol is used by the application. TCP and IP protocols as well as ethernet protocol are used throughout the local area network. The same protocols are used in local area network 12B as shown in [illegible]

The wide area network 16, however, uses HDLC protocol instead of ethernet, as shown in block 18C, because this protocol is better suited to wide area networks. Therefore, it is necessary for the routers 15A, 15B to translate packets from the ethernet protocol to HDLC protocol and back to ethernet protocol.

FIG. 3 illustrates basic decapsulation and encapsulation as performed by router 15A of FIG. 2. An incoming packet 20A contains a message or other data 22 which is encapsulated with an HTTP header 24 which in turn is encapsulated with a TCP header 26. This in turn is encapsulated with an IP header 28 and the packet is finally encapsulated in an ethernet frame, including an ethernet header 30.

The router 15A reformats and readdresses the packet by stripping off the ethernet header 30, or decapsulating the frame, and reading the IP header 28 to obtain a destination address. The packet now appears as shown at 20B.

Next the router prepends the packet with an HDLC header 32 as shown at 20C. The router has thus encapsulated the message in a HDLC packet format.

In practice, the decapsulation and encapsulation processes can be more complex, including [illegible] encryption and other functions. The present invention [illegible] these functions into individual elements, and dynamically chains the elements together at runtime, as needed, using a linked chain structure in one embodiment. For example, a chain can be dynamically built at the start of a session. Each session can then have its own chain.

A chain walker processes a packet by walking through a chain, passing the packet to each element in the chain, until either processing is complete [illegible] a packet is dropped. Each element also has the ability to "punt" the packet to an external software or hardware function, and the [illegible] packet may be returned [illegible] in the chain, or may not be returned at all.

FIG. 4 illustrates an embodiment of the present invention. The router shown 15 represents either router 15A or 15B of FIG. 2. While a typical router may have multiple interfaces, only two 51, 53 are shown in FIG. 4.

When a packet is received by the router 15, it is passed to the chain walker 55. The chain walker 55 in turn retrieves a pointer to a de-multiplexor, or demux, element. Because in this example, interface 51 is an ethernet interface, the demux element 57 performs an ethernet decapsulation operation. For other types of interfaces, other decapsulation functions would be used in the demux chain.

The demux operation or element 57 determines the protocol of the next higher level (L3) used by the incoming packet, and passes the packet to an appropriate decapsulation chain. Although it will be understood that there can be many more, four possible decapsulation chains are shown: an ARP decapsulation chain comprising a single element arp_decaps 59; a SAP decapsulation chain comprising a single element sap_decaps 61; a SNAP decapsulation chain comprising a single element snap_decaps 63; and a multi-element IP decapsulation chain 64.

Of course, other decapsulation chains can exist for [illegible] purposes, assume the packet uses internet protocol (IP). In this case the demux element Ether_decaps 57 returns a pointer to the first element 65 of the IP decapsulation chain 64 to the chain walker 55, as indicated by dotted line 86. Logically decrypt 65 follows ether_decaps 57 as indicated by solid arrow 85.

Decrypt 65 is the first element in the IP decapsulation chain 64. In this example, the decapsulation chain 64 is shown to comprise a decryption element 65, a decompression element 67, and an ip_switch element 69. In an actual application, some or all of these elements may be absent, or additional elements may be in the chain.

In actuality, for IP packets that are switched, there is no decapsulation, although the term "decapsulation chain" is retained. The ip_switch element 69 determines if the packet is to be switched or punted for further processing. For a TCP packet that is destined for the router itself, the actual decapsulation is performed in the IP process after the packet has been punted. Similarly, the arp_decaps element 59 simply punts the packet to the ARP process.

As indicated by the dashed lines 79, the process of chain walking can be implemented by having each chain element return to the chain walker 55 a pointer to the next chain element. The chain walker then calls the next element in the chain.

After decapsulation, the router [illegible] for further transmission by encapsulating it in the desired protocol, assuming the packet is not intended for the router [illegible] dashed line [illegible] separates the decapsulation chain 64 [illegible] encapsulation chain 74. The packet is passed from [illegible] with the ip_rewrite element 70. Ip_rewrite 70 performs functions such as updating (decrementing) the time-to-live count in an IP packet's header, and recalculating the check sum for the IP header.

The packet is then passed to the compression element 71, [illegible] HDLC [illegible] for the output [illegible] scheduler 83 removes the packet from the queue 81 and transmits it [illegible] HDLC interface 53.

Packets do not need to be switched in the [illegible] back to the [illegible] encapsulation chain. This is done for ping packets that are destined for the router, for example.

A chain walk can be stopped, started or resumed from any point on the chain. This allows elements such as an encryption element to pass the packet to an outside process or piece of hardware, to perform the actual encryption.

The processed packet may then be passed back to continue the chain walk. This mechanism is called 'punt' and 'puntback'. The punting element hands the packet to the outside process or hardware. If the punting element wants the packet to resume the chain walk at the next element in the chain, it stores the chain next node pointer in the packet. The puntback routine starts the chain walk with the node previously stored in the packet.

For example, as indicated by lines 87, an element such as encryption element 73 can pass the packet to an encryption process 75 which is external to the chain. This is known as
punting the process packet. The packet may be returned to the punting element, encryption element 73 in this example, after processing.

Alternatively, the chain walk could resume processing with any element in the chain.

ARP, SAP and SNAP are various protocols which fall under the IP protocol family. As shown with respect to the ARP, SAP and SNAP decapsulation elements 59, 61 and 63 respectively, packets may be processed by additional processes 60, 62, 66 external to the chains. Packets processed by these functions 60, 62, 66 may then be queued directly at queue 81 without passing through an encapsulation chain.

Of course, while only IP, ARP, SAP and SNAP decapsulation chains are shown, additional protocols can also be supported for this interface 51. Each protocol would have its own decapsulation chain.

Note that although the incoming and outgoing interfaces [illegible] For example, Ping and ARP are protocols where the incoming and outgoing interface is typically the same interface.

FIG. 4A illustrates an embodiment of the present invention [illegible] chains [illegible] incoming [illegible] outgoing [illegible]

Lines 88A and 88B represent the beginning and ending edges of the virtual interface 90, respectively. Message packets pass from the ip_switch element 69 to the ip_encaps element 91 within the virtual interface 90. The ip_tunnel encaps element 91 encapsulates the IP packet into another IP packet, i.e., it implements IP over IP, and passes the tunneled packet to an ip_switch element 69A, which may or may not be the same as ip_switch 69 in the incoming [illegible] The encapsulated IP packet is then passed out of the [illegible] encapsulation chain, [illegible] to the ip_rewrite element 70.

FIG. 4B illustrates chains which are more practical than those of FIG. 4, which shows many elements for illustrative purposes.

FIG. 4B shows two interfaces: Serial 1 51B and Serial 2 53B. The decaps chain encompasses a decryption element [illegible] point to point protocol [illegible] IP switch element [illegible] comprises an ip_rewrite [illegible] HDLC encapsulation element 77B, and queue element 81B, followed by a schedule element 83B which passes the packet to the output serial port Serial 2 53B.

FIG. 4C is a schematic diagram of an alternative embodiment of the present invention illustrating a non-sequential chain. [illegible] the incoming interface is Ethernet 1 51C and the outgoing interface is Serial 1 53C. The decapsulation chain comprises an ether decapsulation module 57C followed by ip_switch 69C.

Ip_switch 69C passes the packet to the encapsulation chain through the interface 88, to ip_rewrite 70C which, among other tasks, updates the time-to-live counter and updates the header checksum accordingly. The updated packet is then passed from ip_rewrite to a PPP encapsulation element 94.

The classifier element 95 then examines the packet, for example, for packet type or some other characteristic. For example, packets may be voice or data, as shown in FIG. 4C. In the case of voice, the packet is passed along path 96A [illegible] by compression element 71C-1.

In the case of data, the packet is passed along path 96B. In this example, the packet's data is compressed by compression element 71C-2, which may use a different compression scheme than the voice compression element 71C-1. The packet is then encrypted by encryption element 73C.

Packets from either path are then passed to queue element 81C, and finally to the scheduler element 83C which then outputs the packet through serial interface 53C.

Of course, packets [illegible] data [illegible] voice. These are simply offered as examples. Packet characteristics on which the classifier 95 may base a decision include, but are not limited to, for example, protocol type, e.g., IP, TCP, UDP, HTML, ARP, FTP, etc., characteristics such as broadcast, multicast, unicast, etc., TCP or UDP port number, source and/or destination address, [illegible] or video.

As with all other elements in the chain, the classifier 95 passes, to the chain walker 55, a pointer to the next element. However, in one embodiment, the classifier 95 uses internal knowledge plus its analysis of the packet type to decide which chain path 96A, 96B to send the packet. Thus the chain is not sequential, in that there are multiple branches a chain may [illegible]

FIG. 4D is a schematic diagram of another chain which can be implemented by a non-sequential embodiment. FIG. 4D shows just an encapsulation chain. A packet is received, from the incoming interface, or alternatively, from a virtual interface, by the ip_rewrite element 70B. In the event ip_rewrite 70B already knows how to encapsulate the packet, it performs the encapsulation, and there is no need to execute the HDLC encapsulation element 77B. The encapsulation element 77B is thus skipped by having the packet take the path 97. In this case ip_rewrite 70B passes back a pointer to the next element to be executed through path 97A, the next element being the queue element 81B.

If ip_rewrite 70B does not know how to encapsulate the packet, it will process the packet normally and return a pointer to HDLC encapsulation element 77B to the chain walker 55.

Finally, the packet is passed from queue element 81B to the scheduler 83B and transmitted out through the Serial 2 port 53B.

The advantage of this embodiment is that it cuts out the extra processing required to do an extra chain walk. Often, ip_rewrite 70B will know how to encapsulate a packet based on destination. This information may be returned, for example, by the HDLC encapsulation element 77B after the first encapsulation of the packet. Ip_rewrite 70B can then store this information [illegible] it for later packets [illegible] same destination or within the session.

There are other reasons for having non-sequential chains. For example, different types of encryption could be applied to packets depending on destination, [illegible] or some other attribute. Furthermore, ip_rewrite can observe the congestion on the network and for [illegible] scheduler if there is no congestion. In very fast Ethernet, for example, a router needs to get packets in and out fast. By allowing the chain elements to be skipped or executed in a non-sequential way, packets are routed through the router expediently.

Another example where non-sequential chains is useful is, for example, in implementing an access list or other filter. Different chain elements can be executed depending on the destination and/or depending on access rights.

The element which [illegible] non-sequential skip, such as the classifier 95 of FIG. 4C, can have internal data which allows it to determine, when a chain is built, what the jump targets are. Determination may be based on data stored by or for the classifier 94, and based on the incoming packet itself.
[illegible] different feature sets may be applied to packets depending on their source address, destination IP address, types or other attributes. The classifier element 95 can, for example, maintain this information in an internal data base and return, to the chain walker 55, a pointer to the applicable element.

FIG. 5 illustrates the data structures used to implement sequential decapsulation and encapsulation chains, as well as the sequential portions of non-sequential chains. First, a separate interface descriptor block (IDB) 100 is defined for each interface. Each IDB 100 includes several fields including a demux field 100A, a decaps array pointer 100B, an encaps array 100C, queuing information 100D and scheduling information 100E.

The demux pointer 100A points to a demux element [illegible] encapsulation, e.g., ethernet or HDLC, of an incoming [illegible] packet to determine which protocol the packet uses.

The decaps array pointer 100B [illegible] to the first elements of various decapsulation chains associated with the various protocols. For example, [illegible] in the chain. A previous field 106B points to the previous [illegible] Furthermore, each chain element 106 [illegible] pointer 106C and a [illegible] processing element pointer 106D which point to the actual processing elements. Control data 106E may also be [illegible]

A second chain element 107 is shown. The chain may contain a plurality of elements. Each element returns a [illegible]

Similarly, the encaps array pointer 100C in the IDB 100 points to an encaps array 108. Each entry in the encaps array 108 points to an encapsulation element for a specific protocol. For example, the first entry 108A is a pointer to an [illegible] encapsulation element. The next entries 108B-108D contain pointers to encapsulation chain elements [illegible]

FIG. 6 is a flow chart 120 illustrating an embodiment of the present invention.

First, at step 122, a packet is received on an interface. Then, at step 124, an IDB is retrieved which is associated with that interface. At step 126 a pointer to the demux chain is retrieved from the IDB, and passed to the chain walker.

The chain walker 55 receives the packet and the pointer from the IDB and sets a return code to 0 at step 130. At step 132 the chain walker executes the current chain element pointed to by the pointer received from the IDB. A typical chain element is shown at 134. Each element 134 on the chain processes the packet, and can return the next element [illegible] return code [illegible] 0 to stop the chain walk. The return code is set to a value less than 0 if, [illegible] which [illegible] packet is to be dropped. Otherwise, the chain element 134 returns to the chain walker a pointer to the next chain element.

[illegible] routine or to hardware 138 for further processing. The external routine or hardware 138 processes the packet and may return control to the chain element as shown. Alternatively the external routine or hardware 138 may pass the packet to another chain or may halt the process.

A code value is also used to notify the chain walker as to whether it should continue. If the packet is passed to a higher layer for further processing, the code is set to a value that tells the chain walker to do nothing. If the packet is to be dropped, the code is set to a value that tells the chain walker to drop the packet.

[illegible] determines whether the return code is [illegible] the next element at step [illegible] either the packet is dropped or until there are no more chain elements.

During [illegible] the router's hardware control software determines which network interfaces exist on the router. An IDB 100 [illegible] Configuration information is determined for each interface, for example, by reading it from a file or from programmable memory. Default queuing and scheduling elements are then added to the chain. [illegible] encapsulation elements are added to each interface according to the protocols available as determined by the configuration.

Once the chain for an interface is built, the interface is ready for packet processing. When a packet is received by an interface it is handed to the chain walker, as described with respect to FIG. 4. The chain walker has no knowledge of protocols. For an encapsulation of IP over ethernet, the chain might include only an IP decapsulation element, followed by an encapsulation chain comprising ethernet encapsulation, queuing and scheduling elements.

Chains can have elements added or deleted based on configuration. Each element in a chain has no specific [illegible] walker has no knowledge of the number of elements or types of protocols on a chain. Each element or node on the chain determines whether or not the chain walk continues based on its processing of the packet.

The above chain could thus be modified by inserting elements into the chains without changing the ethernet, IP, queuing or scheduling elements. For example, an ethernet address filter could be inserted before the IP decapsulation element, or a new compression element could be inserted at the beginning of the encapsulation chain.

For packets entering the router from an interface, the chain walker typically starts with the demux element. While there can be any number of encapsulation and de-encapsulation elements chained together on an interface, there is typically only one demux element for each interface. For packets that are sourced on the router, the chain walk starts with the first encapsulation element.

. ,--t- — . , , . 65 While this invention has been particularly shown and 

e .™, Carber m deS T Ptl ° n ° f 4 ' 3 ChaiD described references 10 P"*™* embodtaentsTereof 

element 134 may punt or pass the packet to an external ft will be understood by those skilled in the art that various 
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changes in form and details may be made therein without 
departing from the spirit and scope of the invention as 
defined by the appended claims. 
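The chain walk of FIG. 6 and the filter-insertion case described above, as an added C sketch that is not code from the patent. All type and function names, the TTL handling used as a stand-in for IP decapsulation, and the sample MAC address are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>
/* All names are hypothetical; the patent text gives no source code. */
struct packet { unsigned char dst[6]; int ttl; };
struct element;
/* An element returns the next element; *rc < 0 drops, NULL ends the walk. */
typedef struct element *(*process_fn)(struct element *self, struct packet *p, int *rc);
struct element { struct element *next, *prev; process_fn run; const void *ctl; };

/* Chain walker: no protocol knowledge, it only follows what elements return. */
static int walk_chain(struct element *e, struct packet *p) {
    int rc = 0;                               /* return code starts at 0 */
    while (e != NULL && rc >= 0)
        e = e->run(e, p, &rc);
    return rc;
}

/* Ethernet address filter: drop frames not addressed to the MAC held in ctl. */
static struct element *mac_filter(struct element *self, struct packet *p, int *rc) {
    if (memcmp(p->dst, self->ctl, 6) != 0) { *rc = -1; return NULL; }
    return self->next;
}

/* Stand-in for IP decapsulation: decrement the TTL, drop when it expires. */
static struct element *ip_decaps(struct element *self, struct packet *p, int *rc) {
    if (--p->ttl <= 0) { *rc = -1; return NULL; }
    return self->next;
}

/* Link a new element in front of an existing one; returns the new chain head. */
static struct element *insert_before(struct element *head, struct element *at, struct element *n) {
    n->next = at; n->prev = at->prev;
    if (at->prev) at->prev->next = n;
    at->prev = n;
    return head == at ? n : head;
}

static const unsigned char OUR_MAC[6] = {0x02, 0, 0, 0, 0, 0x01}; /* constructed */
/* Walk one packet; returns -1 if dropped, otherwise the TTL after decapsulation. */
static int demo(const unsigned char *dst, int ttl, int with_filter) {
    struct element ip  = { NULL, NULL, ip_decaps, NULL };
    struct element flt = { NULL, NULL, mac_filter, OUR_MAC };
    struct element *head = &ip;
    struct packet p = { {0}, ttl };
    memcpy(p.dst, dst, 6);
    if (with_filter) head = insert_before(head, &ip, &flt);
    return walk_chain(head, &p) < 0 ? -1 : p.ttl;
}
int main(void) { printf("%d\n", demo(OUR_MAC, 64, 1)); return 0; }
```

The walker and `ip_decaps` are identical in the filtered and unfiltered runs; only the chain linkage changes, which is the property the description relies on when it says elements can be inserted without changing the others.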
What is claimed is: 

1. A method for processing packets, comprising: 
specifying a chain of function elements, each element 
capable of performing an operation on a packet, the 
chain being associated with an interface and a protocol; 
processing the packet by walking through the elements of 
the chain; 

receiving an incoming packet at a first interface, the 
packet being encapsulated according to a first protocol, 
wherein processing of the packet is performed by a 
decapsulation chain associated with the first interface 
and with the first protocol; 

upon completion of processing by the decapsulation 
chain, passing the packet to and processing it in an 
encapsulation chain associated with a second interface 
and a second protocol; and 

transmitting the processed packet from the second inter- 
face. 

2. The method of claim 1, wherein a plurality of chains is 
associated with the interface, each chain being associated 
with a unique protocol. 

3. The method of claim 2, wherein an element belongs to 
one or more chains. 

4. The method of claim 2, wherein a unique protocol 
comprises a bridge-level protocol. 

5. The method of claim 2 wherein a unique protocol 
comprises a router-level protocol. 

6. The method of claim 2 wherein a unique protocol 
comprises a tunneling protocol. 

7. The method of claim 1, wherein protocol information
about a packet is contained in the packet.

8. The method of claim 1, further comprising: 
building the chain dynamically. 

9. The method of claim 8 wherein the chain is dynamically
built for a session at the session's start.

10. The method of claim 1, wherein the first interface and
the second interface are different.

11. The method of claim 1, wherein the first interface
and the second interface are the same.

12. The method of claim 1, wherein an interface is a
virtual interface.

13. The method of claim 1, wherein the first protocol and
the second protocol are different.

14. The method of claim 1, wherein a demultiplexer
chain, responsive to protocol information contained in the
received packet, passes the packet on to the encapsulation
chain.

15. The method of claim 1, wherein the encapsulation
chain performs any or all of:

encapsulation, encryption, compression, flow control and
filtering.

16. The method of claim 1, wherein the decapsulation
chain performs one or many of: decapsulation, decryption,
decompression and filtering.

17. The method of claim 1, further comprising:
stopping a chain walk at any element in a chain.

18. The method of claim 17, further comprising:

upon stopping a chain walk, passing the packet to a
process external to the chain.

19. The method of claim 18, wherein the external process
is implemented by software.

20. The method of claim 18, wherein the external process
is implemented by hardware.

21. The method of claim 18, wherein the external process
is implemented by a combination of software and hardware.

22. The method of claim 18, further comprising:
resuming a chain walk at any element in a chain.

23. The method of claim 1, further comprising:
starting a chain walk at any element in a chain.

24. The method of claim 1, further comprising:

generating the packet in a selected protocol;

determining an interface through which to transmit the
packet;

processing the packet by walking through the elements of
an encapsulation chain associated with the interface
and the protocol; and

transmitting the packet from the interface.

25. The method of claim 1, further comprising:

from each element in the chain, returning, to the chain
walker, a pointer to the next element.

26. A router for a computer network, comprising:

a plurality of interfaces, each interface associated with
a demultiplexer chain,

an array of protocol decapsulation chains, and
an array of protocol encapsulation chains,
each chain comprising at least one packet-processing
element, the elements in a chain being linked; and
a chain walker which, upon receipt of an incoming first
protocol packet in a receiving interface,
passes the packet to the demultiplexer chain associated
with the receiving interface for processing,
passes the processed packet to and walks through a
decapsulation chain associated with the incoming
interface and the first protocol, for further
processing, and
passes the further processed packet to and walks
through an encapsulation chain associated with an
identified transmitting interface and identified second
protocol.

27. The router of claim 26 wherein the chain walker walks
through a chain, wherein each element either
returns a reference to a next element in the chain to be
executed, wherein the chain walker executes the referenced
next element, or
returns a null reference, wherein the chain walker stops.

28. The router of claim 27, further comprising, for each 
interface, an associated interface descriptor block, each 
interface descriptor block comprising: 

a reference to the demultiplexer chain associated with the 
interface; 

a reference to the decapsulation chain array associated 
with the interface; and 

a reference to the encapsulation chain array associated 
with the interface. 

29. The router of claim 28, wherein each encapsulation or 
decapsulation array comprises references to chains of encap- 
sulation or decapsulation processing elements, respectively. 

30. A program storage device readable by a machine, 
tangibly embodying a program of instructions executable by 
the machine to perform method steps of processing packets, 
the method steps comprising: 

specifying a chain of function elements, each element 
capable of performing an operation on a packet, the 
chain being associated with an interface and a protocol; 

processing the packet by walking through the elements of 
the chain; 






US 6,578,084 B1



receiving an incoming packet at a first interface, the 
packet being encapsulated according to a first protocol, 
wherein processing of the packet is performed by a 
decapsulation chain associated with the first interface 
and with the first protocol;

upon completion of processing by the decapsulation 
chain, passing the packet to and processing it in an 
encapsulation chain associated with a second interface 
and a second protocol; and 

transmitting the processed packet from the second interface.

31. A computer program product for use in a computer 
network router, the computer program product comprising a 
computer usable medium having computer readable program
code means embodied in the medium for causing
processing of a packet, the computer usable medium com- 
prising: 

computer readable program code means for causing a 
router to specify a chain of function elements, each 
element capable of performing an operation on a
packet, the chain being associated with an interface and 
a protocol; 

computer readable program code means for causing a 
router to process the packet by walking through the
elements of the chain; 

computer readable program code means for receiving an 
incoming packet at a first interface, the packet being 
encapsulated according to a first protocol, wherein 
processing of the packet is performed by a decapsulation
chain associated with the first interface and with
the first protocol; 

computer readable program code means for passing, upon 
completion of processing by the decapsulation chain, 
the packet to and processing it in an encapsulation
chain associated with a second interface and a second 
protocol; and 
computer readable program code means for transmitting
the processed packet from the second interface.

32. An article of manufacture for use in a computer
network router, the article of manufacture comprising a 
computer usable medium having computer readable pro- 
gram code means embodied in the medium, said program 
code means of causing processing of a packet, the program 
code means including: 

computer readable program code means embodied in said 
computer useable medium for causing a router to 
specify a chain of function elements, each element 
capable of performing an operation on a packet, the 
chain being associated with an interface and a protocol; 
computer readable program code means embodied in said 
computer useable medium for causing a router to 
process the packet by walking through the elements of 
the chain; 

computer readable program code means embodied in said 
computer useable medium for receiving an incoming 
packet at a first interface, the packet being encapsulated 
according to a first protocol, wherein processing of the 
packet is performed by a decapsulation chain associ- 
ated with the first interface and with the first protocol; 

computer readable program code means embodied in said 
computer useable medium for passing, upon comple- 
tion of processing by the decapsulation chain, the 
packet to and processing it in an encapsulation chain 
associated with a second interface and a second proto- 
col; and 

computer readable program code means embodied in said 
computer useable medium for transmitting the pro- 
cessed packet from the second interface. 